refs: prevent accidental NULL dereference in write_pseudoref
[gitweb.git] / refs.c
diff --git a/refs.c b/refs.c
index dec899a57a69800a44cebcd05e38c014da43ea3a..91c2af78b627ef242bb61f8853c6dd30b2551b66 100644 (file)
--- a/refs.c
+++ b/refs.c
@@ -239,8 +239,7 @@ int read_ref(const char *refname, unsigned char *sha1)
 
 int ref_exists(const char *refname)
 {
-       unsigned char sha1[20];
-       return !!resolve_ref_unsafe(refname, RESOLVE_REF_READING, sha1, NULL);
+       return !!resolve_ref_unsafe(refname, RESOLVE_REF_READING, NULL, NULL);
 }
 
 static int filter_refs(const char *refname, const struct object_id *oid,
@@ -286,12 +285,11 @@ static int warn_if_dangling_symref(const char *refname, const struct object_id *
 {
        struct warn_if_dangling_data *d = cb_data;
        const char *resolves_to;
-       struct object_id junk;
 
        if (!(flags & REF_ISSYMREF))
                return 0;
 
-       resolves_to = resolve_ref_unsafe(refname, 0, junk.hash, NULL);
+       resolves_to = resolve_ref_unsafe(refname, 0, NULL, NULL);
        if (!resolves_to
            || (d->refname
                ? strcmp(resolves_to, d->refname)
@@ -336,12 +334,6 @@ int for_each_tag_ref(each_ref_fn fn, void *cb_data)
        return refs_for_each_tag_ref(get_main_ref_store(), fn, cb_data);
 }
 
-int for_each_tag_ref_submodule(const char *submodule, each_ref_fn fn, void *cb_data)
-{
-       return refs_for_each_tag_ref(get_submodule_ref_store(submodule),
-                                    fn, cb_data);
-}
-
 int refs_for_each_branch_ref(struct ref_store *refs, each_ref_fn fn, void *cb_data)
 {
        return refs_for_each_ref_in(refs, "refs/heads/", fn, cb_data);
@@ -352,12 +344,6 @@ int for_each_branch_ref(each_ref_fn fn, void *cb_data)
        return refs_for_each_branch_ref(get_main_ref_store(), fn, cb_data);
 }
 
-int for_each_branch_ref_submodule(const char *submodule, each_ref_fn fn, void *cb_data)
-{
-       return refs_for_each_branch_ref(get_submodule_ref_store(submodule),
-                                       fn, cb_data);
-}
-
 int refs_for_each_remote_ref(struct ref_store *refs, each_ref_fn fn, void *cb_data)
 {
        return refs_for_each_ref_in(refs, "refs/remotes/", fn, cb_data);
@@ -368,12 +354,6 @@ int for_each_remote_ref(each_ref_fn fn, void *cb_data)
        return refs_for_each_remote_ref(get_main_ref_store(), fn, cb_data);
 }
 
-int for_each_remote_ref_submodule(const char *submodule, each_ref_fn fn, void *cb_data)
-{
-       return refs_for_each_remote_ref(get_submodule_ref_store(submodule),
-                                       fn, cb_data);
-}
-
 int head_ref_namespaced(each_ref_fn fn, void *cb_data)
 {
        struct strbuf buf = STRBUF_INIT;
@@ -579,8 +559,23 @@ enum ref_type ref_type(const char *refname)
        return REF_TYPE_NORMAL;
 }
 
-static int write_pseudoref(const char *pseudoref, const unsigned char *sha1,
-                          const unsigned char *old_sha1, struct strbuf *err)
+long get_files_ref_lock_timeout_ms(void)
+{
+       static int configured = 0;
+
+       /* The default timeout is 100 ms: */
+       static int timeout_ms = 100;
+
+       if (!configured) {
+               git_config_get_int("core.filesreflocktimeout", &timeout_ms);
+               configured = 1;
+       }
+
+       return timeout_ms;
+}
+
+static int write_pseudoref(const char *pseudoref, const struct object_id *oid,
+                          const struct object_id *old_oid, struct strbuf *err)
 {
        const char *filename;
        int fd;
@@ -588,29 +583,34 @@ static int write_pseudoref(const char *pseudoref, const unsigned char *sha1,
        struct strbuf buf = STRBUF_INIT;
        int ret = -1;
 
-       strbuf_addf(&buf, "%s\n", sha1_to_hex(sha1));
+       if (!oid)
+               return 0;
+
+       strbuf_addf(&buf, "%s\n", oid_to_hex(oid));
 
        filename = git_path("%s", pseudoref);
-       fd = hold_lock_file_for_update(&lock, filename, LOCK_DIE_ON_ERROR);
+       fd = hold_lock_file_for_update_timeout(&lock, filename,
+                                              LOCK_DIE_ON_ERROR,
+                                              get_files_ref_lock_timeout_ms());
        if (fd < 0) {
                strbuf_addf(err, "could not open '%s' for writing: %s",
                            filename, strerror(errno));
-               return -1;
+               goto done;
        }
 
-       if (old_sha1) {
-               unsigned char actual_old_sha1[20];
+       if (old_oid) {
+               struct object_id actual_old_oid;
 
-               if (read_ref(pseudoref, actual_old_sha1))
+               if (read_ref(pseudoref, actual_old_oid.hash))
                        die("could not read ref '%s'", pseudoref);
-               if (hashcmp(actual_old_sha1, old_sha1)) {
+               if (oidcmp(&actual_old_oid, old_oid)) {
                        strbuf_addf(err, "unexpected sha1 when writing '%s'", pseudoref);
                        rollback_lock_file(&lock);
                        goto done;
                }
        }
 
-       if (write_in_full(fd, buf.buf, buf.len) != buf.len) {
+       if (write_in_full(fd, buf.buf, buf.len) < 0) {
                strbuf_addf(err, "could not write to '%s'", filename);
                rollback_lock_file(&lock);
                goto done;
@@ -623,24 +623,25 @@ static int write_pseudoref(const char *pseudoref, const unsigned char *sha1,
        return ret;
 }
 
-static int delete_pseudoref(const char *pseudoref, const unsigned char *old_sha1)
+static int delete_pseudoref(const char *pseudoref, const struct object_id *old_oid)
 {
        static struct lock_file lock;
        const char *filename;
 
        filename = git_path("%s", pseudoref);
 
-       if (old_sha1 && !is_null_sha1(old_sha1)) {
+       if (old_oid && !is_null_oid(old_oid)) {
                int fd;
-               unsigned char actual_old_sha1[20];
+               struct object_id actual_old_oid;
 
-               fd = hold_lock_file_for_update(&lock, filename,
-                                              LOCK_DIE_ON_ERROR);
+               fd = hold_lock_file_for_update_timeout(
+                               &lock, filename, LOCK_DIE_ON_ERROR,
+                               get_files_ref_lock_timeout_ms());
                if (fd < 0)
                        die_errno(_("Could not open '%s' for writing"), filename);
-               if (read_ref(pseudoref, actual_old_sha1))
+               if (read_ref(pseudoref, actual_old_oid.hash))
                        die("could not read ref '%s'", pseudoref);
-               if (hashcmp(actual_old_sha1, old_sha1)) {
+               if (oidcmp(&actual_old_oid, old_oid)) {
                        warning("Unexpected sha1 when deleting %s", pseudoref);
                        rollback_lock_file(&lock);
                        return -1;
@@ -657,7 +658,7 @@ static int delete_pseudoref(const char *pseudoref, const unsigned char *old_sha1
 
 int refs_delete_ref(struct ref_store *refs, const char *msg,
                    const char *refname,
-                   const unsigned char *old_sha1,
+                   const struct object_id *old_oid,
                    unsigned int flags)
 {
        struct ref_transaction *transaction;
@@ -665,12 +666,13 @@ int refs_delete_ref(struct ref_store *refs, const char *msg,
 
        if (ref_type(refname) == REF_TYPE_PSEUDOREF) {
                assert(refs == get_main_ref_store());
-               return delete_pseudoref(refname, old_sha1);
+               return delete_pseudoref(refname, old_oid);
        }
 
        transaction = ref_store_transaction_begin(refs, &err);
        if (!transaction ||
-           ref_transaction_delete(transaction, refname, old_sha1,
+           ref_transaction_delete(transaction, refname,
+                                  old_oid ? old_oid->hash : NULL,
                                   flags, msg, &err) ||
            ref_transaction_commit(transaction, &err)) {
                error("%s", err.buf);
@@ -684,10 +686,10 @@ int refs_delete_ref(struct ref_store *refs, const char *msg,
 }
 
 int delete_ref(const char *msg, const char *refname,
-              const unsigned char *old_sha1, unsigned int flags)
+              const struct object_id *old_oid, unsigned int flags)
 {
        return refs_delete_ref(get_main_ref_store(), msg, refname,
-                              old_sha1, flags);
+                              old_oid, flags);
 }
 
 int copy_reflog_msg(char *buf, const char *msg)
@@ -939,6 +941,8 @@ int ref_transaction_update(struct ref_transaction *transaction,
                return -1;
        }
 
+       flags &= REF_TRANSACTION_UPDATE_ALLOWED_FLAGS;
+
        flags |= (new_sha1 ? REF_HAVE_NEW : 0) | (old_sha1 ? REF_HAVE_OLD : 0);
 
        ref_transaction_add_update(transaction, refname, flags,
@@ -984,17 +988,9 @@ int ref_transaction_verify(struct ref_transaction *transaction,
                                      flags, NULL, err);
 }
 
-int update_ref_oid(const char *msg, const char *refname,
-              const struct object_id *new_oid, const struct object_id *old_oid,
-              unsigned int flags, enum action_on_err onerr)
-{
-       return update_ref(msg, refname, new_oid ? new_oid->hash : NULL,
-               old_oid ? old_oid->hash : NULL, flags, onerr);
-}
-
 int refs_update_ref(struct ref_store *refs, const char *msg,
-                   const char *refname, const unsigned char *new_sha1,
-                   const unsigned char *old_sha1, unsigned int flags,
+                   const char *refname, const struct object_id *new_oid,
+                   const struct object_id *old_oid, unsigned int flags,
                    enum action_on_err onerr)
 {
        struct ref_transaction *t = NULL;
@@ -1003,11 +999,12 @@ int refs_update_ref(struct ref_store *refs, const char *msg,
 
        if (ref_type(refname) == REF_TYPE_PSEUDOREF) {
                assert(refs == get_main_ref_store());
-               ret = write_pseudoref(refname, new_sha1, old_sha1, &err);
+               ret = write_pseudoref(refname, new_oid, old_oid, &err);
        } else {
                t = ref_store_transaction_begin(refs, &err);
                if (!t ||
-                   ref_transaction_update(t, refname, new_sha1, old_sha1,
+                   ref_transaction_update(t, refname, new_oid ? new_oid->hash : NULL,
+                                          old_oid ? old_oid->hash : NULL,
                                           flags, msg, &err) ||
                    ref_transaction_commit(t, &err)) {
                        ret = 1;
@@ -1037,12 +1034,12 @@ int refs_update_ref(struct ref_store *refs, const char *msg,
 }
 
 int update_ref(const char *msg, const char *refname,
-              const unsigned char *new_sha1,
-              const unsigned char *old_sha1,
+              const struct object_id *new_oid,
+              const struct object_id *old_oid,
               unsigned int flags, enum action_on_err onerr)
 {
-       return refs_update_ref(get_main_ref_store(), msg, refname, new_sha1,
-                              old_sha1, flags, onerr);
+       return refs_update_ref(get_main_ref_store(), msg, refname, new_oid,
+                              old_oid, flags, onerr);
 }
 
 char *shorten_unambiguous_ref(const char *refname, int strict)
@@ -1248,19 +1245,13 @@ int refs_rename_ref_available(struct ref_store *refs,
        return ok;
 }
 
-int head_ref_submodule(const char *submodule, each_ref_fn fn, void *cb_data)
+int refs_head_ref(struct ref_store *refs, each_ref_fn fn, void *cb_data)
 {
        struct object_id oid;
        int flag;
 
-       if (submodule) {
-               if (resolve_gitlink_ref(submodule, "HEAD", oid.hash) == 0)
-                       return fn("HEAD", &oid, 0, cb_data);
-
-               return 0;
-       }
-
-       if (!read_ref_full("HEAD", RESOLVE_REF_READING, oid.hash, &flag))
+       if (!refs_read_ref_full(refs, "HEAD", RESOLVE_REF_READING,
+                               oid.hash, &flag))
                return fn("HEAD", &oid, flag, cb_data);
 
        return 0;
@@ -1268,7 +1259,7 @@ int head_ref_submodule(const char *submodule, each_ref_fn fn, void *cb_data)
 
 int head_ref(each_ref_fn fn, void *cb_data)
 {
-       return head_ref_submodule(NULL, fn, cb_data);
+       return refs_head_ref(get_main_ref_store(), fn, cb_data);
 }
 
 struct ref_iterator *refs_ref_iterator_begin(
@@ -1291,6 +1282,10 @@ struct ref_iterator *refs_ref_iterator_begin(
        if (trim)
                iter = prefix_ref_iterator_begin(iter, "", trim);
 
+       /* Sanity check for subclasses: */
+       if (!iter->ordered)
+               BUG("reference iterator is not ordered");
+
        return iter;
 }
 
@@ -1326,11 +1321,6 @@ int for_each_ref(each_ref_fn fn, void *cb_data)
        return refs_for_each_ref(get_main_ref_store(), fn, cb_data);
 }
 
-int for_each_ref_submodule(const char *submodule, each_ref_fn fn, void *cb_data)
-{
-       return refs_for_each_ref(get_submodule_ref_store(submodule), fn, cb_data);
-}
-
 int refs_for_each_ref_in(struct ref_store *refs, const char *prefix,
                         each_ref_fn fn, void *cb_data)
 {
@@ -1352,23 +1342,15 @@ int for_each_fullref_in(const char *prefix, each_ref_fn fn, void *cb_data, unsig
                               prefix, fn, 0, flag, cb_data);
 }
 
-int for_each_ref_in_submodule(const char *submodule, const char *prefix,
-                             each_ref_fn fn, void *cb_data)
-{
-       return refs_for_each_ref_in(get_submodule_ref_store(submodule),
-                                   prefix, fn, cb_data);
-}
-
-int for_each_fullref_in_submodule(const char *submodule, const char *prefix,
-                                 each_ref_fn fn, void *cb_data,
-                                 unsigned int broken)
+int refs_for_each_fullref_in(struct ref_store *refs, const char *prefix,
+                            each_ref_fn fn, void *cb_data,
+                            unsigned int broken)
 {
        unsigned int flag = 0;
 
        if (broken)
                flag = DO_FOR_EACH_INCLUDE_BROKEN;
-       return do_for_each_ref(get_submodule_ref_store(submodule),
-                              prefix, fn, 0, flag, cb_data);
+       return do_for_each_ref(refs, prefix, fn, 0, flag, cb_data);
 }
 
 int for_each_replace_ref(each_ref_fn fn, void *cb_data)
@@ -1376,7 +1358,7 @@ int for_each_replace_ref(each_ref_fn fn, void *cb_data)
        return do_for_each_ref(get_main_ref_store(),
                               git_replace_ref_base, fn,
                               strlen(git_replace_ref_base),
-                              0, cb_data);
+                              DO_FOR_EACH_INCLUDE_BROKEN, cb_data);
 }
 
 int for_each_namespaced_ref(each_ref_fn fn, void *cb_data)
@@ -1415,9 +1397,12 @@ const char *refs_resolve_ref_unsafe(struct ref_store *refs,
                                    unsigned char *sha1, int *flags)
 {
        static struct strbuf sb_refname = STRBUF_INIT;
+       struct object_id unused_oid;
        int unused_flags;
        int symref_count;
 
+       if (!sha1)
+               sha1 = unused_oid.hash;
        if (!flags)
                flags = &unused_flags;
 
@@ -1447,8 +1432,21 @@ const char *refs_resolve_ref_unsafe(struct ref_store *refs,
                if (refs_read_raw_ref(refs, refname,
                                      sha1, &sb_refname, &read_flags)) {
                        *flags |= read_flags;
-                       if (errno != ENOENT || (resolve_flags & RESOLVE_REF_READING))
+
+                       /* In reading mode, refs must eventually resolve */
+                       if (resolve_flags & RESOLVE_REF_READING)
+                               return NULL;
+
+                       /*
+                        * Otherwise a missing ref is OK. But the files backend
+                        * may show errors besides ENOENT if there are
+                        * similarly-named refs.
+                        */
+                       if (errno != ENOENT &&
+                           errno != EISDIR &&
+                           errno != ENOTDIR)
                                return NULL;
+
                        hashclr(sha1);
                        if (*flags & REF_BAD_NAME)
                                *flags |= REF_ISBROKEN;
@@ -1503,25 +1501,10 @@ const char *resolve_ref_unsafe(const char *refname, int resolve_flags,
 int resolve_gitlink_ref(const char *submodule, const char *refname,
                        unsigned char *sha1)
 {
-       size_t len = strlen(submodule);
        struct ref_store *refs;
        int flags;
 
-       while (len && is_dir_sep(submodule[len - 1]))
-               len--;
-
-       if (!len)
-               return -1;
-
-       if (submodule[len]) {
-               /* We need to strip off one or more trailing slashes */
-               char *stripped = xmemdupz(submodule, len);
-
-               refs = get_submodule_ref_store(stripped);
-               free(stripped);
-       } else {
-               refs = get_submodule_ref_store(submodule);
-       }
+       refs = get_submodule_ref_store(submodule);
 
        if (!refs)
                return -1;
@@ -1636,31 +1619,32 @@ struct ref_store *get_submodule_ref_store(const char *submodule)
 {
        struct strbuf submodule_sb = STRBUF_INIT;
        struct ref_store *refs;
-       int ret;
+       char *to_free = NULL;
+       size_t len;
 
-       if (!submodule || !*submodule) {
-               /*
-                * FIXME: This case is ideally not allowed. But that
-                * can't happen until we clean up all the callers.
-                */
-               return get_main_ref_store();
-       }
+       if (!submodule)
+               return NULL;
+
+       len = strlen(submodule);
+       while (len && is_dir_sep(submodule[len - 1]))
+               len--;
+       if (!len)
+               return NULL;
+
+       if (submodule[len])
+               /* We need to strip off one or more trailing slashes */
+               submodule = to_free = xmemdupz(submodule, len);
 
        refs = lookup_ref_store_map(&submodule_ref_stores, submodule);
        if (refs)
-               return refs;
+               goto done;
 
        strbuf_addstr(&submodule_sb, submodule);
-       ret = is_nonbare_repository_dir(&submodule_sb);
-       strbuf_release(&submodule_sb);
-       if (!ret)
-               return NULL;
+       if (!is_nonbare_repository_dir(&submodule_sb))
+               goto done;
 
-       ret = submodule_to_gitdir(&submodule_sb, submodule);
-       if (ret) {
-               strbuf_release(&submodule_sb);
-               return NULL;
-       }
+       if (submodule_to_gitdir(&submodule_sb, submodule))
+               goto done;
 
        /* assume that add_submodule_odb() has been called */
        refs = ref_store_init(submodule_sb.buf,
@@ -1668,7 +1652,10 @@ struct ref_store *get_submodule_ref_store(const char *submodule)
        register_ref_store_map(&submodule_ref_stores, "submodule",
                               refs, submodule);
 
+done:
        strbuf_release(&submodule_sb);
+       free(to_free);
+
        return refs;
 }
 
@@ -1713,7 +1700,23 @@ int refs_pack_refs(struct ref_store *refs, unsigned int flags)
 int refs_peel_ref(struct ref_store *refs, const char *refname,
                  unsigned char *sha1)
 {
-       return refs->be->peel_ref(refs, refname, sha1);
+       int flag;
+       unsigned char base[20];
+
+       if (current_ref_iter && current_ref_iter->refname == refname) {
+               struct object_id peeled;
+
+               if (ref_iterator_peel(current_ref_iter, &peeled))
+                       return -1;
+               hashcpy(sha1, peeled.hash);
+               return 0;
+       }
+
+       if (refs_read_ref_full(refs, refname,
+                              RESOLVE_REF_READING, base, &flag))
+               return -1;
+
+       return peel_object(base, sha1);
 }
 
 int peel_ref(const char *refname, unsigned char *sha1)
@@ -2063,3 +2066,14 @@ int rename_ref(const char *oldref, const char *newref, const char *logmsg)
 {
        return refs_rename_ref(get_main_ref_store(), oldref, newref, logmsg);
 }
+
+int refs_copy_existing_ref(struct ref_store *refs, const char *oldref,
+                   const char *newref, const char *logmsg)
+{
+       return refs->be->copy_ref(refs, oldref, newref, logmsg);
+}
+
+int copy_existing_ref(const char *oldref, const char *newref, const char *logmsg)
+{
+       return refs_copy_existing_ref(get_main_ref_store(), oldref, newref, logmsg);
+}